<?php
/**
*
* @package YubiKey Login
* @version 1.0.3
* @copyright (c) 2010 Tim Schlueter
* @license http://opensource.org/licenses/gpl-license.php GNU Public License 
*
*/

/**
* @ignore
*/
if (!defined('IN_PHPBB'))
{
	exit;
}

class ucp_yubikey_confirmlost
{
	var $u_action;

	function main($id, $mode)
	{
		global $phpbb_root_path, $phpEx;
		global $db, $user;

		$user_id = request_var('u', 0);
		$key = request_var('k', '');

		// Verify user and key
		$sql = 'SELECT * FROM ' . YUBIKEY_TABLE . ' WHERE user_id = ' . (int) $user_id;
		$result = $db->sql_query($sql);
		$user_row = $db->sql_fetchrow($result);
		$db->sql_freeresult($result);

		if (!$user_row)
		{
			meta_refresh(5, append_sid("{$phpbb_root_path}index.$phpEx"));
			trigger_error('ACCOUNT_YUBIKEY_NO_USER', E_USER_WARNING);
		}

		if (!$user_row['lost_key'] || $user_row['lost_key'] != $key)
		{
			meta_refresh(5, append_sid("{$phpbb_root_path}index.$phpEx"));
			trigger_error('ACCOUNT_YUBIKEY_CONFIRM_LINK_EXPIRED', E_USER_WARNING);
		}

		// De-activate all YubiKeys associated with the user account
		$sql = 'UPDATE ' . YUBIKEY_TABLE . ' SET status = ' . YUBIKEY_INACTIVE . ' WHERE user_id = ' . (int) $user_row['user_id'];
		$db->sql_query($sql);

		// Log the action
		add_log('user', $user_row['user_id'], 'LOG_YUBIKEY_LOST_CONFIRMED', null);

		meta_refresh(5, append_sid("{$phpbb_root_path}ucp.$phpEx?mode=yubikey_reset&u={$user_row['user_id']}&k=$key"));
		trigger_error($user->lang['YUBIKEY_LOST_CONFIRMED']);
	}
}

?>